Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

can't stop the popup windows and downloads

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

can't stop the popup windows and downloads

Unread postby smartrobert » July 20th, 2014, 5:15 pm

New windows keep popping up in Chrome and Firefox when clicking on the screen. These popups are mostly for downloading various advertised computer tools including Wix.com, PCKeeper, pchealthboost, suggestions to update Chrome, etc. Also some Setup.exe files for system applets are downloading automatically. Malwarebytes is detectining several PUPs (DynamicPricer, QuickStart, SuperFish) and a Tojan downloader. I quarantine these but they keep coming back. Can't seem to get rid of problems with Malwarebytes or herdProtect. I am also seeing keyword links and popups appearing in websites. Thank you.

FRST.txt and Addition.txt logs follow.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by Robert (administrator) on ROBERT on 20-07-2014 16:36:31
Running from C:\Users\Robert\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\Robert\AppData\Roaming\Dashlane\Dashlane.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Intuit Inc.) C:\Program Files (x86)\Quicken\qw.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
() C:\Users\Robert\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-19] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1675530904-1706056172-1663431866-1001\...\Run: [Dashlane] => C:\Users\Robert\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-07-17] ()
HKU\S-1-5-21-1675530904-1706056172-1663431866-1001\...\Run: [Spotify Web Helper] => C:\Users\Robert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-07-06] (Spotify Ltd)
HKU\S-1-5-21-1675530904-1706056172-1663431866-1001\...\MountPoints2: {f4b25b91-448e-11e3-be7e-00158315a310} - "D:\HPLauncher.exe"
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 8.lnk
ShortcutTarget: SnagIt 8.lnk -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {6E2F5D39-A2E9-4F52-98AF-9AD6C65AD09A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {6E2F5D39-A2E9-4F52-98AF-9AD6C65AD09A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKCU - {6E2F5D39-A2E9-4F52-98AF-9AD6C65AD09A} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
BHO: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Robert\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\ie\x64\Dashlanei.dll (Dashlane)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Robert\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\ie\Dashlanei.dll (Dashlane)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61}C -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - No Name - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No File
Toolbar: HKLM - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Robert\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\ie\x64\KWIEBar.dll (Dashlane)
Toolbar: HKLM-x32 - No Name - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No File
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Robert\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\ie\KWIEBar.dll (Dashlane)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mj4eirvq.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-10-26]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-26]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-10-26]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-10-26]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-10-26]
FF HKLM-x32\...\Firefox\Extensions: [DynamicPricer@dynamic-pricer.com] - C:\Users\Robert\AppData\Local\DynamicPricer\Firefox\DynamicPricer.xpi
FF Extension: DynamicPricer - C:\Users\Robert\AppData\Local\DynamicPricer\Firefox\DynamicPricer.xpi [2014-07-19]

Chrome:
=======
CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT332658 ... 6CA9&SSPV=
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=M57A07B69-8D5F-4A41-A82E-47567719AE9D&SearchSource=55&CUI=&UM=5&UP=SP2B42A91B-BDE5-4003-A885-7A9C675D6CA9&SSPV="
CHR Extension: (Google Docs) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-16]
CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-16]
CHR Extension: (Kaspersky Protection) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-04-13]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-16]
CHR Extension: (Guitarist's Reference) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk [2014-07-19]
CHR Extension: (Google Search) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-16]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-10-31]
CHR Extension: (Google Calendar) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-07-19]
CHR Extension: (Dashlane) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-07-19]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-10-31]
CHR Extension: (New Tab Redirect) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-07-19]
CHR Extension: (Google Wallet) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16]
CHR Extension: (Quick start) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-07-19]
CHR Extension: (Gmail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-16]
CHR Extension: (Anti-Banner) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-10-31]
CHR Extension: (DynamicPricer) - C:\Users\Robert\AppData\Local\DynamicPricer\Chrome [2014-03-19]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/deta ... ddbepgkeaa [2014-03-19]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-01-22] (Macrovision Europe Ltd.) [File not signed]
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 GENERICDRV; C:\Program Files (x86)\UEFI WinFlash\amifldrv64.sys [15640 2012-07-27] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-12-18] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-23] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-08] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2013-12-18] (Kaspersky Lab ZAO)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [47320 2013-07-29] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-20 16:36 - 2014-07-20 16:36 - 00028932 _____ () C:\Users\Robert\Downloads\FRST.txt
2014-07-20 16:36 - 2014-07-20 16:36 - 00000000 ____D () C:\FRST
2014-07-20 16:35 - 2014-07-20 16:35 - 02089984 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-07-19 16:28 - 2014-07-20 16:32 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-19 16:28 - 2014-07-19 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-19 16:27 - 2014-07-20 16:32 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-19 16:27 - 2014-07-20 16:32 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-19 16:27 - 2014-07-19 16:27 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-19 16:27 - 2014-07-19 16:27 - 00003648 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-19 16:21 - 2014-07-19 16:21 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-19 16:21 - 2014-07-19 16:21 - 00001134 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-19 16:21 - 2014-07-19 16:21 - 00000000 ____D () C:\Users\Robert\AppData\Roaming\Mozilla
2014-07-19 16:21 - 2014-07-19 16:21 - 00000000 ____D () C:\Users\Robert\AppData\Local\Mozilla
2014-07-19 16:21 - 2014-07-19 16:21 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-19 16:21 - 2014-07-19 16:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-19 16:21 - 2014-07-19 16:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-19 16:08 - 2014-07-20 16:22 - 00000000 ____D () C:\Users\Robert\AppData\Local\DynamicPricer
2014-07-19 16:02 - 2014-07-19 16:16 - 00007626 _____ () C:\WINDOWS\PFRO.log
2014-07-19 15:45 - 2014-07-20 10:46 - 00025422 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-12 20:14 - 2014-07-12 20:14 - 00003112 _____ () C:\WINDOWS\System32\Tasks\{C733460B-2656-4510-9559-688E0B25802F}
2014-07-12 20:04 - 2014-07-12 20:34 - 00000003 _____ () C:\Users\Robert\AppData\Local\proxy.log
2014-07-12 20:02 - 2014-07-12 23:07 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-12 20:02 - 2014-07-12 22:49 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-07-12 19:50 - 2014-07-12 20:29 - 00000000 ____D () C:\WINDOWS\pss
2014-07-12 14:35 - 2014-07-12 14:35 - 00001144 _____ () C:\Users\Public\Desktop\herdProtect.lnk
2014-07-12 14:35 - 2014-07-12 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
2014-07-12 14:35 - 2014-07-12 14:35 - 00000000 ____D () C:\Program Files\Reason
2014-07-12 14:15 - 2014-07-12 14:15 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-12 13:09 - 2014-07-12 13:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-09 21:28 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-08 21:56 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-08 21:56 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-08 21:56 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-08 21:56 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-08 21:56 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-08 21:56 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-08 21:56 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-08 21:56 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-08 21:56 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-08 21:56 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-08 21:55 - 2014-06-30 18:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-08 21:55 - 2014-06-28 03:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-08 21:55 - 2014-06-28 03:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-08 21:55 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-08 21:55 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-08 21:55 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-08 21:55 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-08 21:55 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-08 21:55 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-08 21:55 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-08 21:55 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-08 21:55 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-08 21:55 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-08 21:55 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-08 21:55 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-08 21:55 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-08 21:55 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-08 21:55 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-08 21:55 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-08 21:55 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-08 21:55 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-08 21:55 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-08 21:55 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-08 21:55 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-08 21:55 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-08 21:55 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-08 21:55 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-08 21:55 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-08 21:55 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-08 21:55 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-08 21:55 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-08 21:55 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-08 21:55 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-08 21:55 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-08 21:55 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-08 21:55 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-08 21:55 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 21:55 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-08 21:55 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-08 21:55 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-08 21:55 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-08 21:55 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-08 21:55 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-08 21:55 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-08 21:55 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-08 21:55 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-08 21:55 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-06-30 23:13 - 2014-07-12 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO

==================== One Month Modified Files and Folders =======

2014-07-20 16:37 - 2013-10-16 22:09 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1675530904-1706056172-1663431866-1001
2014-07-20 16:36 - 2014-07-20 16:36 - 00028932 _____ () C:\Users\Robert\Downloads\FRST.txt
2014-07-20 16:36 - 2014-07-20 16:36 - 00000000 ____D () C:\FRST
2014-07-20 16:35 - 2014-07-20 16:35 - 02089984 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2014-07-20 16:32 - 2014-07-19 16:28 - 00002174 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-20 16:32 - 2014-07-19 16:27 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 16:32 - 2014-07-19 16:27 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 16:28 - 2013-10-19 22:38 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EF079517-B064-43D3-88B2-6AAEDF4A1F08}
2014-07-20 16:26 - 2013-10-26 19:40 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-20 16:22 - 2014-07-19 16:08 - 00000000 ____D () C:\Users\Robert\AppData\Local\DynamicPricer
2014-07-20 16:19 - 2014-05-28 23:10 - 00003476 _____ () C:\WINDOWS\System32\Tasks\GPUpdateCheck
2014-07-20 15:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-20 10:49 - 2013-10-16 22:21 - 00000000 ____D () C:\Users\Robert\Documents\Quicken
2014-07-20 10:46 - 2014-07-19 15:45 - 00025422 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-20 10:25 - 2014-07-20 10:25 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-07-20 10:25 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-19 16:28 - 2014-07-19 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-19 16:28 - 2013-10-16 22:01 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-19 16:27 - 2014-07-19 16:27 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-19 16:27 - 2014-07-19 16:27 - 00003648 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-19 16:23 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-19 16:21 - 2014-07-19 16:21 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-19 16:21 - 2014-07-19 16:21 - 00001134 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-19 16:21 - 2014-07-19 16:21 - 00000000 ____D () C:\Users\Robert\AppData\Roaming\Mozilla
2014-07-19 16:21 - 2014-07-19 16:21 - 00000000 ____D () C:\Users\Robert\AppData\Local\Mozilla
2014-07-19 16:21 - 2014-07-19 16:21 - 00000000 ____D () C:\ProgramData\Mozilla
2014-07-19 16:21 - 2014-07-19 16:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-19 16:21 - 2014-07-19 16:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-19 16:19 - 2013-10-19 22:36 - 00000000 __RDO () C:\Users\Robert\SkyDrive
2014-07-19 16:16 - 2014-07-19 16:02 - 00007626 _____ () C:\WINDOWS\PFRO.log
2014-07-19 16:16 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-19 16:16 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-19 16:07 - 2013-12-25 14:20 - 00000000 ____D () C:\Users\Robert\AppData\Local\CrashDumps
2014-07-19 16:04 - 2013-10-19 21:24 - 00001970 _____ () C:\Users\Robert\Desktop\Dashlane.lnk
2014-07-19 16:04 - 2013-10-19 21:24 - 00000000 ____D () C:\Users\Robert\AppData\Roaming\Dashlane
2014-07-19 15:38 - 2014-05-29 20:43 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-19 15:28 - 2013-05-06 03:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-19 15:28 - 2013-05-06 03:03 - 00000000 ____D () C:\ProgramData\WildTangent
2014-07-19 15:28 - 2013-05-06 03:03 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-07-19 15:27 - 2013-05-06 03:02 - 00000000 ____D () C:\ProgramData\Origin
2014-07-12 23:07 - 2014-07-12 20:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-12 22:49 - 2014-07-12 20:02 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-07-12 22:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\addins
2014-07-12 20:34 - 2014-07-12 20:04 - 00000003 _____ () C:\Users\Robert\AppData\Local\proxy.log
2014-07-12 20:29 - 2014-07-12 19:50 - 00000000 ____D () C:\WINDOWS\pss
2014-07-12 20:22 - 2013-11-03 10:16 - 00000000 ____D () C:\Users\Robert\AppData\Roaming\Origin
2014-07-12 20:14 - 2014-07-12 20:14 - 00003112 _____ () C:\WINDOWS\System32\Tasks\{C733460B-2656-4510-9559-688E0B25802F}
2014-07-12 20:02 - 2013-08-22 11:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-07-12 20:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-07-12 15:45 - 2014-06-30 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2014-07-12 15:33 - 2013-10-16 22:03 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-12 15:33 - 2013-10-16 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-12 15:33 - 2013-10-16 22:03 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-12 14:51 - 2014-05-28 23:11 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-07-12 14:35 - 2014-07-12 14:35 - 00001144 _____ () C:\Users\Public\Desktop\herdProtect.lnk
2014-07-12 14:35 - 2014-07-12 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
2014-07-12 14:35 - 2014-07-12 14:35 - 00000000 ____D () C:\Program Files\Reason
2014-07-12 14:30 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-07-12 14:29 - 2013-10-19 22:21 - 00000000 ____D () C:\Users\Robert
2014-07-12 14:28 - 2013-12-15 22:24 - 00000000 ____D () C:\Users\Robert\Desktop\temp
2014-07-12 14:15 - 2014-07-12 14:15 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-12 14:09 - 2014-05-28 23:00 - 00000000 ____D () C:\Users\Robert\AppData\Roaming\Azureus
2014-07-12 14:08 - 2014-01-30 11:52 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-12 13:25 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-12 13:12 - 2013-08-22 10:44 - 00409720 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-12 13:10 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 13:10 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 13:09 - 2014-07-12 13:09 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-12 13:09 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 13:09 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-12 13:09 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-12 12:56 - 2013-11-07 19:20 - 00000000 ____D () C:\Users\Robert\AppData\Roaming\Spotify
2014-07-11 06:32 - 2013-11-07 19:20 - 00000000 ____D () C:\Users\Robert\AppData\Local\Spotify
2014-07-09 21:33 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-09 21:32 - 2013-10-17 20:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 21:32 - 2013-10-16 23:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 21:30 - 2013-10-17 20:51 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 21:30 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-08 22:06 - 2013-10-19 19:16 - 00000000 ____D () C:\Users\Robert\AppData\Local\Paint.NET
2014-07-08 21:52 - 2013-10-19 19:17 - 00001211 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-07-08 21:52 - 2013-10-19 19:17 - 00001199 _____ () C:\Users\Public\Desktop\Paint.NET.lnk
2014-07-08 21:52 - 2013-10-19 19:17 - 00000000 ____D () C:\Program Files\Paint.NET
2014-07-06 12:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-06 09:02 - 2013-10-24 22:32 - 00387072 ___SH () C:\Users\Robert\Documents\Thumbs.db
2014-06-30 18:45 - 2014-07-08 21:55 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-06-28 03:48 - 2014-07-08 21:55 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 03:07 - 2014-07-08 21:55 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-06-26 16:55 - 2014-05-04 15:03 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 16:55 - 2014-05-04 15:03 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-24 22:05 - 2013-07-12 02:06 - 00002990 _____ () C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2014-06-21 22:56 - 2013-10-24 22:17 - 00000000 ____D () C:\Users\Robert\AppData\Local\CutePDF Writer

Some content of TEMP:
====================
C:\Users\Robert\AppData\Local\Temp\GPUpd53C9E1C51.exe
C:\Users\Robert\AppData\Local\Temp\GPUpd53CAD3581.exe
C:\Users\Robert\AppData\Local\Temp\GPUpd53CAD3632.exe
C:\Users\Robert\AppData\Local\Temp\GPUpd53CC24AD1.exe
C:\Users\Robert\AppData\Local\Temp\GPUpd53CC24BB2.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-19 15:44

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by Robert at 2014-07-20 16:37:10
Running from C:\Users\Robert\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Adobe Acrobat 8 Standard - English, Français, Deutsch (x32 Version: 8.1.0 - Adobe Systems) Hidden
Adobe Acrobat 8.1.0 Standard (HKLM-x32\...\Adobe Acrobat 8 Standard - English, Français, Deutsch) (Version: 8.1.0 - Adobe Systems)
Adobe Reader XI (11.0.05) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.7.1245.73473 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.7.1245.73473 - Alcor Micro Corp.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 12.3.0.8 - Citrix Systems, Inc.) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
Dashlane (HKCU\...\Dashlane) (Version: 3.0.1.67402 - Dashlane SAS)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft)
DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JLCD-ROM (HKLM-x32\...\Product_Name) (Version: - )
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
paint.net (HKLM\...\{3F5F509B-E226-417C-8CD1-CAAE756C328A}) (Version: 4.0.0 - dotPDN LLC)
PDF-XChange Editor (HKLM-x32\...\{2eef0fe2-cc4a-47d6-959c-de2d5c2cc40b}) (Version: 3.0.307.2 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 3.0.307.2 - Tracker Software Products (Canada) Ltd.) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
SnagIt 8 (HKLM-x32\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.22.gf87988f9 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.342 - Toshiba Corporation)
TOSHIBA Password Utility (x32 Version: 3.00.342 - Toshiba Corporation) Hidden
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)

==================== Restore Points =========================

02-07-2014 02:38:01 Scheduled Checkpoint
09-07-2014 01:51:23 paint.net 4.0
18-07-2014 02:10:19 Scheduled Checkpoint

==================== Hosts content: ==========================

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {05E389C4-E1E4-413C-9978-2072A1B98F52} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {152F639E-1C19-45CD-ACF8-F7FA9E73E495} - System32\Tasks\GPUpdateCheck => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-06-08] ()
Task: {154069A6-8242-4142-A5F9-98D33D091EEE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2321A9C3-0CB6-4DE0-BE51-8FC9ED79B377} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5229278D-C5A6-404E-95F6-F84BC27B8E89} - System32\Tasks\GPUpdate => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-06-08] ()
Task: {5806C766-0CB9-4B70-8770-86DD19D71186} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6F362999-A6C9-4EAD-912B-FA5AD2F6F9B0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8FBA2A4A-C00E-483C-8857-5B4F6B311723} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AD13028C-0B14-4262-A170-940DB0632CB0} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {B7E90407-854B-4211-9ADC-1129C5419F7E} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {C03FA127-9B97-4B22-85E7-CCC49945A362} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CCBAB066-70E1-4773-A1E9-C25EDB212DB6} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E535112C-EE83-4D85-BF83-9A695A4817E9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F0284E3C-31F2-4E84-A4B8-F3896E7CA8D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-19] (Google Inc.)
Task: {FC36B801-68AB-4619-B835-FCC41A07B1EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-19] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-27 17:53 - 2013-03-27 17:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2013-10-24 22:10 - 2012-10-04 19:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
2013-09-10 13:54 - 2013-09-10 13:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-01 14:24 - 2013-08-01 14:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2013-10-19 21:24 - 2014-07-17 06:28 - 00219832 _____ () C:\Users\Robert\AppData\Roaming\Dashlane\Dashlane.exe
2014-02-18 16:52 - 2014-07-17 06:28 - 00225464 _____ () C:\Users\Robert\AppData\Roaming\Dashlane\DashlanePlugin.exe
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-07-12 02:00 - 2013-03-12 16:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-05-09 22:03 - 2014-05-09 22:03 - 00228864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cf021988965369c551bb0987fe019862\Windows.Foundation.ni.dll
2014-07-17 06:27 - 2014-07-17 06:27 - 00262328 _____ () C:\Users\Robert\AppData\Roaming\Dashlane\3.0.1.67402\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.0.1.67402.dll
2014-07-17 06:27 - 2014-07-17 06:27 - 00407224 _____ () C:\Users\Robert\AppData\Roaming\Dashlane\3.0.1.67402\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.0.1.67402.dll
2014-07-17 06:27 - 2014-07-17 06:27 - 00426168 _____ () C:\Users\Robert\AppData\Roaming\Dashlane\3.0.1.67402\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.0.1.67402.dll
2014-07-17 06:27 - 2014-07-17 06:27 - 30340280 _____ () C:\Users\Robert\AppData\Roaming\Dashlane\3.0.1.67402\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.0.1.67402.dll
2014-07-17 06:27 - 2014-07-17 06:27 - 00265400 _____ () C:\Users\Robert\AppData\Roaming\Dashlane\3.0.1.67402\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.0.1.67402.dll
2014-07-17 06:27 - 2014-07-17 06:27 - 05733560 _____ () C:\Users\Robert\AppData\Roaming\Dashlane\3.0.1.67402\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.0.1.67402.dll
2014-07-17 06:27 - 2014-07-17 06:27 - 05918904 _____ () C:\Users\Robert\AppData\Roaming\Dashlane\3.0.1.67402\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.0.1.67402.dll
2012-08-27 13:40 - 2012-08-27 13:40 - 00490864 _____ () C:\Program Files (x86)\Quicken\alrtint8.dll
2014-07-20 16:22 - 2014-03-09 10:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
2014-07-20 16:22 - 2014-03-09 10:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
2014-07-20 16:22 - 2014-03-09 10:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
2014-07-20 16:22 - 2014-03-09 10:35 - 04060488 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
2014-07-20 16:22 - 2014-03-09 10:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
2014-07-20 16:22 - 2014-03-09 10:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
2014-07-17 06:27 - 2014-07-17 06:27 - 12188344 _____ () C:\Users\Robert\AppData\Roaming\Dashlane\3.0.1.67402\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.0.1.67402.dll
2014-07-17 06:27 - 2014-07-17 06:27 - 02050232 _____ () C:\Users\Robert\AppData\Roaming\Dashlane\3.0.1.67402\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.0.1.67402.dll
2014-07-17 06:27 - 2014-07-17 06:27 - 00189112 _____ () C:\Users\Robert\AppData\Roaming\Dashlane\3.0.1.67402\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.0.1.67402.dll
2014-07-12 11:44 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Robert\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Robert\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\StartupFolder: => "SnagIt 8.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "TSleepSrv"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "fst_us_139"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "upfst_us_139.exe"
HKCU\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKCU\...\StartupApproved\Run: => "Spotify"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
HKCU\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_8CC0C224CAA679A6B63017BE99A17B85"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2014 02:06:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROBERT)
Description: Activation of app DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/20/2014 02:06:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROBERT)
Description: Activation of app DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/20/2014 02:06:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROBERT)
Description: Activation of app DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/19/2014 04:07:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.5, time stamp: 0x53977103
Faulting module name: LSASRV.dll, version: 6.3.9600.17193, time stamp: 0x5386c52d
Exception code: 0xc0000005
Fault offset: 0x000000000004f22a
Faulting process id: 0xf24
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5

Error: (07/19/2014 00:04:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SMIPlayer.exe version 5.3.27.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ddc

Start Time: 01cfa2f8fd89aa4c

Termination Time: 58

Application Path: C:\Program Files (x86)\TOSHIBA\TOSHIBA VIDEO PLAYER\SMIPlayer.exe

Report Id: b62786c7-0ef9-11e4-bea4-00158315a310

Faulting package full name:

Faulting package-relative application ID:

Error: (07/17/2014 09:27:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 26f4

Start Time: 01cfa022124fb68b

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: b6678886-0e1a-11e4-bea4-00158315a310

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/13/2014 00:36:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.5, time stamp: 0x53977103
Faulting module name: LSASRV.dll, version: 6.3.9600.17193, time stamp: 0x5386c52d
Exception code: 0xc0000005
Fault offset: 0x000000000004f22a
Faulting process id: 0x1a00
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5

Error: (07/12/2014 11:11:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.5, time stamp: 0x53977103
Faulting module name: LSASRV.dll, version: 6.3.9600.17193, time stamp: 0x5386c52d
Exception code: 0xc0000005
Fault offset: 0x000000000004f22a
Faulting process id: 0x1600
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5

Error: (07/12/2014 03:53:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.5, time stamp: 0x53977103
Faulting module name: LSASRV.dll, version: 6.3.9600.17193, time stamp: 0x5386c52d
Exception code: 0xc0000005
Fault offset: 0x000000000004f22a
Faulting process id: 0x1904
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5

Error: (07/12/2014 02:47:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.5, time stamp: 0x53977103
Faulting module name: LSASRV.dll, version: 6.3.9600.17193, time stamp: 0x5386c52d
Exception code: 0xc0000005
Fault offset: 0x000000000004f22a
Faulting process id: 0x8b0
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5


System errors:
=============
Error: (07/20/2014 02:47:31 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/20/2014 02:47:19 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/20/2014 02:47:18 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/20/2014 02:47:17 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/20/2014 02:47:16 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/20/2014 02:47:15 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/20/2014 02:47:14 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/20/2014 02:47:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/20/2014 02:47:12 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/20/2014 02:47:11 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.


Microsoft Office Sessions:
=========================
Error: (07/20/2014 02:06:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROBERT)
Description: DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default-2144927148

Error: (07/20/2014 02:06:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROBERT)
Description: DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default-2144927148

Error: (07/20/2014 02:06:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ROBERT)
Description: DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default-2144927148

Error: (07/19/2014 04:07:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: herdProtectScan.exe1.0.3.553977103LSASRV.dll6.3.9600.171935386c52dc0000005000000000004f22af2401cfa38cf2d0f1f7C:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exeC:\WINDOWS\SYSTEM32\LSASRV.dll4b99d989-0f80-11e4-bea5-00158315a310

Error: (07/19/2014 00:04:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SMIPlayer.exe5.3.27.102ddc01cfa2f8fd89aa4c58C:\Program Files (x86)\TOSHIBA\TOSHIBA VIDEO PLAYER\SMIPlayer.exeb62786c7-0ef9-11e4-bea4-00158315a310

Error: (07/17/2014 09:27:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2049826f401cfa022124fb68b4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exeb6678886-0e1a-11e4-bea4-00158315a310microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (07/13/2014 00:36:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: herdProtectScan.exe1.0.3.553977103LSASRV.dll6.3.9600.171935386c52dc0000005000000000004f22a1a0001cf9e53f11ee169C:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exeC:\WINDOWS\SYSTEM32\LSASRV.dll3bd02c4b-0a47-11e4-bea4-00158315a310

Error: (07/12/2014 11:11:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: herdProtectScan.exe1.0.3.553977103LSASRV.dll6.3.9600.171935386c52dc0000005000000000004f22a160001cf9e4800ed4634C:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exeC:\WINDOWS\SYSTEM32\LSASRV.dll5d085191-0a3b-11e4-bea4-00158315a310

Error: (07/12/2014 03:53:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: herdProtectScan.exe1.0.3.553977103LSASRV.dll6.3.9600.171935386c52dc0000005000000000004f22a190401cf9e0accd9fcb3C:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exeC:\WINDOWS\SYSTEM32\LSASRV.dll283c8882-09fe-11e4-bea0-00158315a310

Error: (07/12/2014 02:47:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: herdProtectScan.exe1.0.3.553977103LSASRV.dll6.3.9600.171935386c52dc0000005000000000004f22a8b001cf9e001e31cf0cC:\Program Files\Reason\herdProtect\Scanner\herdProtectScan.exeC:\WINDOWS\SYSTEM32\LSASRV.dll0b1a92c5-09f5-11e4-be9e-00158315a310


CodeIntegrity Errors:
===================================
Date: 2013-10-20 23:02:11.138
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 23:02:07.140
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 23:01:51.161
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 23:01:50.955
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 22:59:47.163
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 22:59:23.127
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 22:59:11.118
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 22:58:31.078
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 22:58:15.476
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-10-20 22:56:06.931
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 16296.03 MB
Available physical RAM: 12387.31 MB
Total Pagefile: 32680.03 MB
Available Pagefile: 28645.11 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (TI10667700F) (Fixed) (Total:919.8 GB) (Free:829.43 GB) NTFS
Drive e: (My Book) (Fixed) (Total:465.64 GB) (Free:243.41 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 8D399BC0)
Partition 1: (Not Active) - (Size=466 GB) - (Type=0C)

==================== End Of Log ============================
smartrobert
Active Member
 
Posts: 9
Joined: July 20th, 2014, 4:42 pm
Advertisement
Register to Remove

Re: can't stop the popup windows and downloads

Unread postby nunped » July 21st, 2014, 10:49 am

Hello smartrobert, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easy as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: can't stop the popup windows and downloads

Unread postby nunped » July 21st, 2014, 11:20 am

Hi smartrobert,

Please proceed with the following steps:
Step 1 - Registry Backup (TCRB)

Please download tweaking.com_registry_backup_setup.exe ... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like:
    Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.

Step 2 - AdwCleaner - Scan Only
Please download AdwCleaner by Xplode, save it to your desktop.
  • Close ALL open programs, including your Internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
    When the scan finishes, you'll see a message on the product window: "Pending. Please uncheck elements you don't want to remove."
  • Press the Report button to produce the scan report.
  • A logfile C:\AdwCleaner[Rn].txt will automatically open. ([Rn] n = number of run)
  • Please post the content of the C:\AdwCleaner[Rn].txt logfile in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: can't stop the popup windows and downloads

Unread postby smartrobert » July 21st, 2014, 11:38 pm

I did the registry backup. 14/14 files.

AdwCleaner log:

# AdwCleaner v3.216 - Report created 21/07/2014 at 23:31:45
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Robert - ROBERT
# Running from : C:\Users\Robert\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Found : C:\WINDOWS\System32\Tasks\GPUpdate
Folder Found : C:\Program Files (x86)\Bench
Folder Found : C:\Program Files (x86)\GetPrivate
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\SupTab
Folder Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Folder Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
Folder Found : C:\Users\Robert\AppData\Roaming\GetPrivate
Folder Found : C:\Users\Robert\Favorites\StumbleUpon

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Key Found : HKCU\Software\FreeSoftToday
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Found : HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\FreeSoftToday
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKCU\Software\TutoTag
Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Found : HKLM\Software\SupDp
Key Found : HKLM\Software\SupTab
Key Found : HKLM\Software\Tutorials
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxp://mystart.toshiba.com

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mj4eirvq.default\prefs.js ]


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : blbkdnmdcafmfhinpmnlhhddbepgkeaa
Found [Extension] : icpgjfneehieebagbmdbhnlpiopdcmna
Found [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [3646 octets] - [21/07/2014 23:31:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3706 octets] ##########
smartrobert
Active Member
 
Posts: 9
Joined: July 20th, 2014, 4:42 pm

Re: can't stop the popup windows and downloads

Unread postby nunped » July 22nd, 2014, 5:27 am

Hi smartrobert,

Let's clean up what was found:
Step 1 - AdwCleaner - Scan/Clean
You should still have AdwCleaner on your desktop.
  • Close ALL open programs, including your Internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan. When the scan finishes...the Clean button will become active.
  • Click on Clean.
  • Select OK at each prompt... to reboot the computer.
  • A logfile C:\AdwCleaner[Sn].txt will open after you log back on the computer. ([Sn] n = number of run)
  • Please post the content of the C:\AdwCleaner[Sn].txt logfile in your next reply.

Step 2 - Fix with FRST
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
    AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
    BHO-x32: No Name -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61}C -> No File
    Toolbar: HKLM - No Name - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No File
    Toolbar: HKLM-x32 - No Name - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF HKLM-x32\...\Firefox\Extensions: [DynamicPricer@dynamic-pricer.com] - C:\Users\Robert\AppData\Local\DynamicPricer\Firefox\DynamicPricer.xpi
    FF Extension: DynamicPricer - C:\Users\Robert\AppData\Local\DynamicPricer\Firefox\DynamicPricer.xpi [2014-07-19]
    CHR Extension: (Anti-Banner) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-10-31]
    CHR Extension: (DynamicPricer) - C:\Users\Robert\AppData\Local\DynamicPricer\Chrome [2014-03-19]
    CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT332658 ... 6CA9&SSPV=
    CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=M57A07B69-8D5F-4A41-A82E-47567719AE9D&SearchSource=55&CUI=&UM=5&UP=SP2B42A91B-BDE5-4003-A885-7A9C675D6CA9&SSPV="
    2014-07-19 16:08 - 2014-07-20 16:22 - 00000000 ____D () C:\Users\Robert\AppData\Local\DynamicPricer
    
  • Save it to your Desktop as filename fixlist.txt.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Step 3 - Trend Micro™ HouseCall - scan. Image
Please download Trend Micro™ HouseCall Launcher-64bit Copyright © 2013 Trend Micro Incorporated, save it to your desktop.
  1. Click the HouseCall icon on your desktop.
    Windows Vista + Win7/Win8 users Right-click on the icon and choose "Run As Administrator"... if prompted by UAC, allow it.
    The latest program and definition files will be downloaded... see progress bar.
  2. Accept the license agreement terms... then Press the Next button.
  3. Press the Scan Now button.
    HouseCall will start scanning your system. This takes a while, be patient... let it run.
    Once the scan is complete it will display if your system has been infected.
  4. If infected...Save the scan results as a Text file ... save it to your desktop.
  5. Copy and paste the saved scan results file in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: can't stop the popup windows and downloads

Unread postby smartrobert » July 22nd, 2014, 7:16 am

All 3 steps completed. Trend Micro HouseCall did not find any threats.

# AdwCleaner v3.216 - Report created 22/07/2014 at 06:58:18
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Robert - ROBERT
# Running from : C:\Users\Robert\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Robert\Favorites\StumbleUpon
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\GetPrivate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Users\Robert\AppData\Roaming\GetPrivate
Folder Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Folder Deleted : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\WINDOWS\System32\Tasks\GPUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\FreeSoftToday
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKLM\Software\SupDp
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\Software\Tutorials
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mj4eirvq.default\prefs.js ]


-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : blbkdnmdcafmfhinpmnlhhddbepgkeaa
Deleted [Extension] : icpgjfneehieebagbmdbhnlpiopdcmna
Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [3822 octets] - [21/07/2014 23:31:45]
AdwCleaner[S0].txt - [3530 octets] - [22/07/2014 06:58:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3590 octets] ##########


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by Robert at 2014-07-22 07:06:24 Run:1
Running from C:\Users\Robert\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
BHO-x32: No Name -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61}C -> No File
Toolbar: HKLM - No Name - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No File
Toolbar: HKLM-x32 - No Name - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF HKLM-x32\...\Firefox\Extensions: [DynamicPricer@dynamic-pricer.com] - C:\Users\Robert\AppData\Local\DynamicPricer\Firefox\DynamicPricer.xpi
FF Extension: DynamicPricer - C:\Users\Robert\AppData\Local\DynamicPricer\Firefox\DynamicPricer.xpi [2014-07-19]
CHR Extension: (Anti-Banner) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-10-31]
CHR Extension: (DynamicPricer) - C:\Users\Robert\AppData\Local\DynamicPricer\Chrome [2014-03-19]
CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT332658 ... 6CA9&SSPV=
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=M57A07B69-8D5F-4A41-A82E-47567719AE9D&SearchSource=55&CUI=&UM=5&UP=SP2B42A91B-BDE5-4003-A885-7A9C675D6CA9&SSPV="
2014-07-19 16:08 - 2014-07-20 16:22 - 00000000 ____D () C:\Users\Robert\AppData\Local\DynamicPricer
*****************

"C:\PROGRA~2\SupTab\SEARCH~2.DLL" => Value Data not found.
"C:\PROGRA~2\SupTab\SEARCH~1.DLL" => Value Data not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42c1-9DCD-7282A2D07C61}C' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{C9C42510-9B41-42c1-9DCD-7282A2D07C61}C'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} => value deleted successfully.
'HKCR\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} => value deleted successfully.
'HKCR\Wow6432Node\CLSID\{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\DynamicPricer@dynamic-pricer.com => Value not found.
C:\Users\Robert\AppData\Local\DynamicPricer\Firefox\DynamicPricer.xpi not found.
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman => Moved successfully.
C:\Users\Robert\AppData\Local\DynamicPricer\Chrome directory not found.
CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT332658 ... 6CA9&SSPV= ==> The Chrome "Settings" can be used to fix the entry.
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3326582&octid=EB_ORIGINAL_CTID&ISID=M57A07B69-8D5F-4A41-A82E-47567719AE9D&SearchSource=55&CUI=&UM=5&UP=SP2B42A91B-BDE5-4003-A885-7A9C675D6CA9&SSPV=" ==> The Chrome "Settings" can be used to fix the entry.
"C:\Users\Robert\AppData\Local\DynamicPricer" => File/Directory not found.

==== End of Fixlog ====
smartrobert
Active Member
 
Posts: 9
Joined: July 20th, 2014, 4:42 pm

Re: can't stop the popup windows and downloads

Unread postby nunped » July 22nd, 2014, 9:24 am

Hi smartrobert,

Can you please tell me how your computer is behaving?
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: can't stop the popup windows and downloads

Unread postby smartrobert » July 23rd, 2014, 6:19 am

seems to be working much better. pop-ups have stopped and links in webpages are gone. Thanks for your help!
smartrobert
Active Member
 
Posts: 9
Joined: July 20th, 2014, 4:42 pm

Re: can't stop the popup windows and downloads

Unread postby nunped » July 23rd, 2014, 2:59 pm

Hi smartrobert,

Let's just see if there's anything left:


Step 1 - Search with FRST
  • Right-click FRST64.exe and select " Run as administrator " to run it.
  • When the tool opens click Yes to the disclaimer.
  • Copy and Paste the following script into the Search: box Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).
Code: Select all
suptab;dynamicpricer;trolltech;conduit;datamngr;Fun4IM;Bandoo;Searchqu;iLivid;whitesmoke;kelkoopartners

  • Press the Search Registry button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: can't stop the popup windows and downloads

Unread postby smartrobert » July 23rd, 2014, 11:54 pm

Farbar Recovery Scan Tool (x64) Version: 24-07-2014
Ran by Robert at 2014-07-23 23:52:57
Running from C:\Users\Robert\Downloads
Boot Mode: Normal

================== Search Registry: "suptab;dynamicpricer;trolltech;conduit;datamngr;Fun4IM;Bandoo;Searchqu;iLivid;whitesmoke;kelkoopartners" ===========


===================== Search result for "suptab" ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\SupTab\RSHP.exe"="0x534143500100000000000000070000002800000070BA0600EBAF070001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000E1260000000000000700000007000000"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\SupTab\RSHP.exe"="0x534143500100000000000000070000002800000070BA0600EBAF070001000000000000000000030671220000975FD891C99ECE0100000000000000000200000028000000000000000000000000000000000000000000000000000000E1260000000000000700000007000000"

===================== Search result for "dynamicpricer" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DynamicPricerInstaller_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DynamicPricer_RASAPI32]


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-1675530904-1706056172-1663431866-1001\Software\Trolltech]


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9f41624-2083-45cd-ac36-af8119a22a41}]
""="CLocationSearchQuery"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_USERS\S-1-5-21-1675530904-1706056172-1663431866-1001\Software\Classes\ActivatableClasses\CLSID\{DECACE56-2857-59A8-B3BA-79C3DF0F359B}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"

[HKEY_USERS\S-1-5-21-1675530904-1706056172-1663431866-1001_Classes\ActivatableClasses\CLSID\{DECACE56-2857-59A8-B3BA-79C3DF0F359B}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"


===================== Search result for "whitesmoke" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B760674538A35F241999134C94EA70A1]
"78C26BE86AAA05845ACB465185489B37"="C:\Program Files (x86)\Google\Google SketchUp 8\Materials\Colors-Named\0129_WhiteSmoke.skm"

====== End Of Search ======
smartrobert
Active Member
 
Posts: 9
Joined: July 20th, 2014, 4:42 pm

Re: can't stop the popup windows and downloads

Unread postby nunped » July 24th, 2014, 5:44 pm

Hi smartrobert,

Let's just delete a few remaining issues:

Step 1 - Registry Backup (TCRB)
You should still have this, if not please download tweaking.com_registry_backup_setup.exe ... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  3. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  4. When completed you should see a message saying something like:
    Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  5. Close and exit the program.

Step 2 - Fix with FRST
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    Reg: reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store" /v "C:\Program Files (x86)\SupTab\RSHP.exe" /f
    Reg: reg delete "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store" /v "C:\Program Files (x86)\SupTab\RSHP.exe" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DynamicPricerInstaller_RASAPI32"
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DynamicPricer_RASAPI32"
    Reg: reg delete "HKEY_USERS\S-1-5-21-1675530904-1706056172-1663431866-1001\Software\Trolltech"
    
  • Save it to your Desktop as filename fixlist.txt.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: can't stop the popup windows and downloads

Unread postby smartrobert » July 24th, 2014, 7:38 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Ran by Robert at 2014-07-24 19:36:30 Run:2
Running from C:\Users\Robert\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Reg: reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store" /v "C:\Program Files (x86)\SupTab\RSHP.exe" /f
Reg: reg delete "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store" /v "C:\Program Files (x86)\SupTab\RSHP.exe" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DynamicPricerInstaller_RASAPI32"
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DynamicPricer_RASAPI32"
Reg: reg delete "HKEY_USERS\S-1-5-21-1675530904-1706056172-1663431866-1001\Software\Trolltech"
*****************


========= reg delete "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store" /v "C:\Program Files (x86)\SupTab\RSHP.exe" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store" /v "C:\Program Files (x86)\SupTab\RSHP.exe" /f =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DynamicPricerInstaller_RASAPI32" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DynamicPricerInstaller_RASAPI32 (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DynamicPricer_RASAPI32" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DynamicPricer_RASAPI32 (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_USERS\S-1-5-21-1675530904-1706056172-1663431866-1001\Software\Trolltech" =========

Permanently delete the registry key HKEY_USERS\S-1-5-21-1675530904-1706056172-1663431866-1001\Software\Trolltech (Yes/No)? The operation completed successfully.



========= End of Reg: =========


==== End of Fixlog ====
smartrobert
Active Member
 
Posts: 9
Joined: July 20th, 2014, 4:42 pm

Re: can't stop the popup windows and downloads

Unread postby nunped » July 27th, 2014, 4:56 am

Hi smartrobert,

Java Update Needed!
Your Java is out of date.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older versions of Java components and update:

Attention: Print these instructions or copy them. You will be closing your browser!!

REMOVE OLD JAVA VERSIONS
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste control panel into the open text entry box. Click Control Panel from the list.
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  3. Locate the following program(s):
    JAVA PROGRAMS HERE
  4. Select the program and click on Uninstall to uninstall it.
  5. Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.
    Java 7 Update 55
    • Right click on the Start...button.
    • Using the Start Search box on the Start Menu.
    • Navigate to and find the following folder: if found, delete it.
      It's possible it may have been removed by the uninstall steps
      C:\Program Files\Java\ <==== delete this entire folder
    • When finished, exit Search.

DOWNLOAD UPDATED VERSION
  1. Get the latest version of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Click the "Download JRE" button to the right.
  3. Check "Accept License Agreement "
  4. Locate the appropriate entry Windows x86 Offline for 32bit systems or Windows x64 for 64 bit systems and right click on the associated file name, save the file to your desktop.

INSTALL UPDATED VERSION
  1. Close all open applications (standard), especially your browser.
  2. From desktop... Right-click on the Java file you downloaded, select "Run As Administrator" to install the newest version.
    Uncheck any other software install offers, these may be prechecked!
  3. Follow the on-screen directions...when installation is completed successfully, reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.
OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  1. Go to Control Panel... click on the JAVA icon.
  2. Press the Update tab... UNCHECK "Check for Updates Automatically". (You can check for updates manually.)
      Reply "Never Check" to the warning prompt.
  3. Now press the Advanced tab. Press the [+] to expand the "Miscellaneous" options.
  4. UNCHECK "Java Quick Starter".
  5. Press Apply and OK... then close the Java Control Panel. close and exit Control Panel.


Good job! Your computer appears to be free from malware.

Now, some clean-up steps:

Delfix - Delete Fix Processes Image
  1. Please download delfix by Xplode and save it to your desktop.
  2. Right-click on delfix.exe and select " Run as administrator " to run it.
    An application window opens with check box options... The "Remove disinfection tools" option is checked by default.
  3. =================Check ALL the boxes... then press Run.
  4. Check the following boxes... then press Run:
    • Activate UAC
    • Remove disinfection tools --> keep this checked
    • Create registry backup
    • Purge system restore
    • Reset system settings
    When finished, Notepad will open DelFix.txt. The log will be located at the root of the system drive, C:\DelFix.txt.
  5. Please copy and paste the contents of the DelFix.txt file in your next reply.


Don't forget to re-enable your security programs!

Stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please reply to this post so I know you have read it. If you don't have any further questions this thread will be closed.

Safe surfing! ;)
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: can't stop the popup windows and downloads

Unread postby smartrobert » July 27th, 2014, 11:03 am

# DelFix v10.7 - Logfile created 27/07/2014 at 10:58:17
# Updated 27/04/2014 by Xplode
# Username : Robert - ROBERT
# Operating System : Windows 8.1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Robert\Downloads\FRST-OlderVersion
Deleted : C:\Users\Robert\Desktop\JRT.txt
Deleted : C:\Users\Robert\Downloads\Addition.txt
Deleted : C:\Users\Robert\Downloads\AdwCleaner.exe
Deleted : C:\Users\Robert\Downloads\Fixlog.txt
Deleted : C:\Users\Robert\Downloads\FRST.txt
Deleted : C:\Users\Robert\Downloads\FRST64.exe
Deleted : C:\Users\Robert\Downloads\JRT.exe
Deleted : C:\Users\Robert\Downloads\Search.txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #46 [paint.net 4.0 | 07/09/2014 01:51:23]
Deleted : RP #47 [Scheduled Checkpoint | 07/18/2014 02:10:19]
Deleted : RP #48 [Windows Update | 07/24/2014 23:56:42]
Deleted : RP #49 [Removed Java 7 Update 55 | 07/27/2014 14:32:34]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
smartrobert
Active Member
 
Posts: 9
Joined: July 20th, 2014, 4:42 pm

Re: can't stop the popup windows and downloads

Unread postby nunped » July 27th, 2014, 12:45 pm

Hi smartrobert,

Please confirm that everything is working fine, before we close this thread :)
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware